From what I can see, it's pretty useful and I'm not detecting any errors or issues which would cause a regression. Final testing will be done by COB today but I expect to fold it into trunk, while adding some doc info.
On Feb 27, 2014, at 12:19 PM, ryo takatsuki <[email protected]> wrote: >> Thx for the patch! Let me take a look... I'm assuming that there's >> no real work-around other than the patch itself, right? > > If there is, we could not find it :) We have been searching for months > and trying different approaches. This is required to work with out of > the box installation of many apps without requiring them to modify > their htaccess files. > > Thanks for looking into it! > > 2014-02-27 14:24 GMT+01:00 Jim Jagielski <[email protected]>: >> Thx for the patch! Let me take a look... I'm assuming that there's >> no real work-around other than the patch itself, right? >> >> On Feb 26, 2014, at 1:47 PM, ryo takatsuki <[email protected]> wrote: >> >>> Hi all, >>> >>> Any other comments about the patch? I believe it is simple enough and >>> could ease the migration from mod_php to PHP-FPM (and make use of the >>> new event mode) with minimal changes to the default configurations. >>> Could you consider adding it? Pretty please :) >>> >>> To give more background, at Bitnami we have 800.000+ monthly *new* >>> installs just for Apache + PHP environments, a growing number of them >>> in the cloud. We have daily requests for switching to nginx as the >>> default, but we believe Apache 2.4 event MPM + PHP-FPM to be >>> equivalent in terms of performance and you get all the other goodness >>> of Apache. This is a small change that would make the transition to >>> the event MPM on our side significantly easier (long story) >>> >>> Best regards, >>> >>> Juanjo. >>> >>> 2014-02-18 15:46 GMT+01:00 ryo takatsuki <[email protected]>: >>>>> AddHandler might be tricky from security point of view, eg. most of cms >>>>> software >>>>> usually checks only for last extension before writing uploaded files, >>>>> but this AddHandler will also >>>>> pass test.php.jpeg to php which might execute this >>>> >>>> Yes, It would be probably safer to use something like: >>>> >>>> <FilesMatch \.php$> >>>> SetHandler "proxy:unix:/path/to/app.sock|fcgi://localhost/" >>>> </FilesMatch> >>>> >>>> 2014-02-17 0:11 GMT+01:00 Lazy <[email protected]>: >>>>> 2014-02-06 ryo takatsuki <[email protected]>: >>>>>> Hi, >>>>>> >>>>>> I have an improvement request to suggest but I would like to first >>>>>> provide >>>>>> some background to justify it, I apologise for the long email :). >>>>>> >>>>>> I'm actively using mod_proxy to forward PHP files requests to PHP-FPM. My >>>>>> current approach is to use a RewriteRule with the 'P' flag because (in >>>>>> most >>>>>> of the cases) it plays nicely with other rules configured by the >>>>>> applications I'm configuring, as well as allowing per-Directory >>>>>> configurations. >>>>>> >>>>>> To make it properly work I must assure the proxy RewriteRule must be the >>>>>> latest one to be evaluated. The problem is that from time to time I >>>>>> encounter corner cases in which the rules previously executed include a >>>>>> [L] >>>>>> option that abort the next rules evaluation, skipping the proxy one, >>>>>> making >>>>>> Apache serve the PHP text as plain text. This can be solved by tweaking >>>>>> the >>>>>> rules but it is a tedious process and is hard to determine all the >>>>>> scenarios >>>>>> in which the rewrites could go wrong. >>>>> >>>>> IMHO this is a good idea, a handler is more compatible with .htacess >>>>> files created for >>>>> mod_php and it fits shared hosting env >>>>> >>>>>> >>>>>> Thinking about my goal with all of this was at the beginning, I realised >>>>>> I >>>>>> only wanted a way of configuring a handler for all my PHP files, that in >>>>>> this case is PHP-FPM, without having to worry about what happens before >>>>>> the >>>>>> resource is going to be served. This made my think about the possibility >>>>>> of >>>>>> adding this functionality to mod_proxy itself, allowing defining a proxy >>>>>> worker as a handler for certain types of files. Something like: >>>>>> >>>>>> AddHandler "proxy:unix:/path/to/app.sock|fcgi://localhost/" .php >>>>> >>>>> AddHandler might be tricky from security point of view, eg. most of cms >>>>> software >>>>> usually checks only for last extension before writing uploaded files, >>>>> but this AddHandler will also >>>>> pass test.php.jpeg to php which might execute this >>>>> >>>>>> I made a quick POC, it is a really small change and for those in my >>>>>> situation it could really simplify the configuration of their apps. Of >>>>>> course, I'm open to criticisms and alternative solutions :). >>>>>> >>>>>> >>>>>> The code that adds the new functionality is inserted at the beginning of >>>>>> mod_proxy's proxy_handler. The conditions are a little weird because I >>>>>> only >>>>>> wanted to check the handler if it is not a proxy request already. >>>>>> >>>>>> diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c >>>>>> index 9d7c92f..49f3bdc 100644 >>>>>> --- a/modules/proxy/mod_proxy.c >>>>>> +++ b/modules/proxy/mod_proxy.c >>>>>> @@ -927,8 +927,20 @@ static int proxy_handler(request_rec *r) >>>>>> struct dirconn_entry *list = (struct dirconn_entry >>>>>> *)conf->dirconn->elts; >>>>>> >>>>>> /* is this for us? */ >>>>>> - if (!r->proxyreq || !r->filename || strncmp(r->filename, "proxy:", >>>>>> 6) >>>>>> != 0) >>>>>> + if (!r->filename) >>>>>> + return DECLINED; >>>>>> + >>>>>> + if (!r->proxyreq) { >>>>>> + if (r->handler && strncmp(r->handler, "proxy:", 6) == 0 && >>>>>> strncmp(r->filename, "proxy:", 6) != 0) { >>>>>> + r->proxyreq = PROXYREQ_REVERSE; >>>>>> + r->filename = apr_pstrcat(r->pool, r->handler, r->filename, >>>>>> NULL); >>>>>> + apr_table_setn(r->notes, "rewrite-proxy", "1"); >>>>>> + } else { >>>>>> return DECLINED; >>>>>> + } >>>>>> + } else if (strncmp(r->filename, "proxy:", 6) != 0) { >>>>>> + return DECLINED; >>>>>> + } >>>>>> >>>>>> /* handle max-forwards / OPTIONS / TRACE */ >>>>>> if ((str = apr_table_get(r->headers_in, "Max-Forwards"))) { >>>> >>>> >>>> >>>> -- >>>> I've seen things you people wouldn't believe. >>>> Attack ships on fire off the shoulder of Orion. >>>> I watched C-beams glitter in the dark near Tannhauser Gate. >>>> All those moments will be lost in time like tears in rain. >>>> Time to die. >>> >>> >>> >>> -- >>> I've seen things you people wouldn't believe. >>> Attack ships on fire off the shoulder of Orion. >>> I watched C-beams glitter in the dark near Tannhauser Gate. >>> All those moments will be lost in time like tears in rain. >>> Time to die. >>> >> > > > > -- > I've seen things you people wouldn't believe. > Attack ships on fire off the shoulder of Orion. > I watched C-beams glitter in the dark near Tannhauser Gate. > All those moments will be lost in time like tears in rain. > Time to die. >
